1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for user
(关于单例双重检测,附上一篇文章,写的不错:https://jianshu/p/45885e50d1c4) 1publicstaticsynchronized
( guan yu dan li shuang zhong jian ce , fu shang yi pian wen zhang , xie de bu cuo : h t t p s : / / w w w . j i a n s h u . c o m / p / 4 5 8 8 5 e 5 0 d 1 c 4 ) 1 p u b l i c s t a t i c s y n c h r o n i z e d < T > E x t e n s i o n L o a d e r < T > i n i t E x t e n s i o n L o a d e r ( . . .
∩^∩
I tried a few suggestions and the found this site, sorry I messed with things and didn't see this sooner :/. I don't think I got everything removed
发表评论